Cloud forensic: Technical challenges, solutions and comparative analysis

Pichan, A.; Lazarescu, Mihai; Soh, S.

doi:10.1016/j.diin.2015.03.002

Access Status

Fulltext not available

Authors

Pichan, A.

Lazarescu, Mihai

Soh, S.

Date

2015

Type

Journal Article

Metadata

Show full item record

Citation

Pichan, A. and Lazarescu, M. and Soh, S. 2015. Cloud forensic: Technical challenges, solutions and comparative analysis. Digital Investigation. 13: pp. 38-57.

Source Title

Digital Investigation

DOI

10.1016/j.diin.2015.03.002

ISSN

1742-2876

School

Department of Computing

URI

http://hdl.handle.net/20.500.11937/33937

Collection

Curtin Research Publications

Abstract

Cloud computing is arguably one of the most significant advances in information technology (IT) services today. Several cloud service providers (CSPs) have offered services that have produced various transformative changes in computing activities and presented numerous promising technological and economic opportunities. However, many cloud customers remain reluctant to move their IT needs to the cloud, mainly due to their concerns on cloud security and the threat of the unknown. The CSPs indirectly escalate their concerns by not letting customers see what is behind virtual wall of their clouds that, among others, hinders digital investigations. In addition, jurisdiction, data duplication and multi-tenancy in cloud platform add to the challenge of locating, identifying and separating the suspected or compromised targets for digital forensics. Unfortunately, the existing approaches to evidence collection and recovery in a non-cloud (traditional) system are not practical as they rely on unrestricted access to the relevant system and user data; something that is not available in the cloud due its decentralized data processing.In this paper we systematically survey the forensic challenges in cloud computing and analyze their most recent solutions and developments. In particular, unlike the existing surveys on the topic, we describe the issues in cloud computing using the phases of traditional digital forensics as the base. For each phase of the digital forensic process, we have included a list of challenges and analysis of their possible solutions. Our description helps identifying the differences between the problems and solutions for non-cloud and cloud digital forensics. Further, the presentation is expected to help the investigators better understand the problems in cloud environment. More importantly, the paper also includes most recent development in cloud forensics produced by researchers, National Institute of Standards and Technology and Amazon.